Single Sign on with SAML 2.0 Standards

Single sign-on allows users of your Empuls account to log in using your existing SAML enabled identity provider such as OneLogin, Okta, PingIdentity, G Suite and many more. This means users don’t have to keep track of yet another email and password. More importantly, it grants admins the ability to add and revoke user access centrally using your existing identity management tool.

Our single sign-on integration supports SAML 2.0.

 

How SAML works?

SAML (Security Assertion Markup Language) is a standard protocol that provides identity providers a secure way to let a service provider, such as Empuls, know who a user is. It does this by sending Empuls a cryptographically signed XML document asserting the user is who they say along with some basic user information.

Once configured users can authenticate with the following process:

  1. User provides his email address at login page and clicks proceed

  2. The user is redirected to your identity provider interface i.e AD login page

  3. The identity provider authenticates the user and redirects user back to Empuls

  4. User is granted access to Empuls

 

Supported identity providers

Here is the list of few well known identity provider systems that are compatible with support SAML 2.0

  • ADFS

  • Azure AD

  • Okta

  • One login

  • G Suite

  • Ping Identity

 

Note: Any Identity Provider system that supports SAML 2.0 standards can be integrated with Empuls for SSO.

 

How do I set it up?

Empuls allows program managers to setup the SSO integration themselves through a do it yourself interface under Admin Settings page. Here are the steps for it.

1. Navigate to Integrations page under Admin Settings menu option, here you will be able to see the SAML 2.0 SSO integration as an option (refer image below)

 

image

 

2. Initiate the integration by clicking on start setup button in SAML 2.0 SSO page

3. The setup is divided into 3 simple steps, the first step provides you the SAML 2.0 certificate of the service provider (i.e Empuls). The admin needs to download this certificate and upload it to their identity provider system. You will be able to proceed with the integration after you have uploaded the certificate successfully.

 

image

 

4. The IDP metadata (i.e Certificate issued by the identity provider system) can be uploaded to the Empuls in Upload IDP metadata section. 

 

image

 

5. You can next test the connection after having uploaded all the required data. Here you will be able to verify if the connection to the identity provider was successful. Incase of errors, you can go back to the previous step and make corrections to the IDP metadata as needed.

 

image


6. After successful completion of the test connection, the SSO will be ready for you to enable it. On enabling the SSO, all users will be able to authenticate themselves through the integrated identity provider system

 

Manage SSO

The option of Enable and Disable SSO provides you the options to easily manage the user logins during the identity provider system downtime. Edit SSO option lets the program managers update the SSO integration incase of identity provider system migrations and change management.

 

image

 

Please reach out to our customer support team at cs@xoxoday.com if you face any challenge in setting up your Single Sign-On.

Did this answer your question?
...